Users in a Discord server/local community on tools like Discord naturally expect that their actions within that community are private in so far as they trust everyone in the community (including the operator) to keep it so.
By using ATProto, Colibri fundamentally makes all of your communication within any community completely public to everyone on the internet.
That’s fine for something like Twitter, where the product sets the expectation of such a thing. You can imagine how big of an issue this is when you try to do it in a trusted community model. Add on that Discord is used by kids who likely don’t know this and you can see why this is dangerous.
I consider this not only just a liability but bordering negligence. It is fundamentally broken, at an architectural level
First, the user knows this when joining a public community.
Second, the moderators can choose to remove someone who has joined the community in bad faith.
Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.
Please consider adding screenshots of the UI that provide an idea of what the experience will be like without having to log in using Bluesky or other credentials.
Thanks for the quick fix :) Nice to see more Discord alternatives these days.
A few other landing page issues if you feel like addressing them:
- Attempting to navigate with the Tab key results in tab order following nav elements once, where focus indicators aren't visible, and then the same elements get iterated over again but this time focus indicators are visible.
- Tab order doesn't include screenshots and jumps to the FAQ
- Clicking a thumbnail shows the larger image but without any elements for closing the overlay
Yeah. Lots of discord-like free-software(as in freedom) chat apps are spawning. I think it's clear that whichever becomes the most popular will not be about who has better code but rather about who manages to get a stronger community around their project.
This looks neat, but should I be concerned about the permissions this is requesting for my account? Bluesky: Manage your profile, posts, likes and follows
Hi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code:
https://github.com/colibri-social/colibri.social
From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.
An example might be when a user has used your app for N sessions, or after N months.
They should prompt the user for permission when they use a feature that requires it, explain why, and allow them to cancel if desired. Have seen this pattern used many times elsewhere.
But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
> But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
It honestly depends. Right now, Colibri is meant to function for communities that are public anyway. If you're a streamer, an open source dev community, Colibri can help you with talking to people who don't want to be locked in by big corporations. As the E2EE and private data, the Bluesky people have posted a new proposal for that only a few days ago, which I'm already thinking about how to implement: https://dholms.leaflet.pub/3mhj6bcqats2o
But, yes, for now, chats are public. Private data will hopefully be a thing soon on the network.
This probably needs a bigger callout. A user who isn't familiar with ATProto doesn't even know to ask this question and the design space from its contemporaries (e.g., discord, slack, etc) suggests that chats are nominally private if folks aren't a member of the channel.
It's a very cool product but you have to let people know their messages aren't private.
Thanks for building this, UX is nice and should encourage people to switch from Discord. Bsky only is a bit disappointing as it is still heavily centralized. I would love to see a system like this that can also set up channels over Nostr and the Fediverse. Fragmentation is starting to become an issue with decentralized and federated social.
We've taken a look at co-supporting ActivityPub as well actually! And yeah, the fragmentation is an issue. But I honestly think we might see at lease some level of interop between these fragments in the coming years, even if it's just some parts of the protocols and specs going in the same direction.
> Running a private group chat? As soon as the AT protocol supports private data, we'll work on implementing it and giving you the option to create private communities.
Not exactly "private when needed" then, is it? It's disingenuous to even mention this in the marketing copy.
29 comments:
Users in a Discord server/local community on tools like Discord naturally expect that their actions within that community are private in so far as they trust everyone in the community (including the operator) to keep it so.
By using ATProto, Colibri fundamentally makes all of your communication within any community completely public to everyone on the internet.
That’s fine for something like Twitter, where the product sets the expectation of such a thing. You can imagine how big of an issue this is when you try to do it in a trusted community model. Add on that Discord is used by kids who likely don’t know this and you can see why this is dangerous.
I consider this not only just a liability but bordering negligence. It is fundamentally broken, at an architectural level
any discord server that offers public invites is effectively public.
First, the user knows this when joining a public community.
Second, the moderators can choose to remove someone who has joined the community in bad faith.
Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.
Private channels in public servers exist. I'm almost entirely on private servers.
Please consider adding screenshots of the UI that provide an idea of what the experience will be like without having to log in using Bluesky or other credentials.
Done! Thanks for the suggestion, that's a good idea.
Thanks for the quick fix :) Nice to see more Discord alternatives these days.
A few other landing page issues if you feel like addressing them:
- Attempting to navigate with the Tab key results in tab order following nav elements once, where focus indicators aren't visible, and then the same elements get iterated over again but this time focus indicators are visible.
- Tab order doesn't include screenshots and jumps to the FAQ
- Clicking a thumbnail shows the larger image but without any elements for closing the overlay
- Pressing Esc doesn't close the overlay
- No skip links on any of the pages
I assume it looks the same as literally every other chat app
Yeah. Lots of discord-like free-software(as in freedom) chat apps are spawning. I think it's clear that whichever becomes the most popular will not be about who has better code but rather about who manages to get a stronger community around their project.
This looks neat, but should I be concerned about the permissions this is requesting for my account? Bluesky: Manage your profile, posts, likes and follows
Hi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code: https://github.com/colibri-social/colibri.social
Very interesting project.
From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.
An example might be when a user has used your app for N sessions, or after N months.
They should prompt the user for permission when they use a feature that requires it, explain why, and allow them to cancel if desired. Have seen this pattern used many times elsewhere.
“Your data isn’t trapped on our servers” - where is it then? Who can access it?
“Open social” is so much bs compressed in a couple of buzzwords.
> where is it then?
it might be on https://bsky.social, https://npmx.dev/pds or sitting next to your router in your living room in the form of a raspberry pi (https://atproto.com/guides/self-hosting)
But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
https://colibri.social/faq#where-is-my-data-stored I've just added a new FAQ entry to explain this in a bit more detail.
> But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
It honestly depends. Right now, Colibri is meant to function for communities that are public anyway. If you're a streamer, an open source dev community, Colibri can help you with talking to people who don't want to be locked in by big corporations. As the E2EE and private data, the Bluesky people have posted a new proposal for that only a few days ago, which I'm already thinking about how to implement: https://dholms.leaflet.pub/3mhj6bcqats2o
But, yes, for now, chats are public. Private data will hopefully be a thing soon on the network.
This probably needs a bigger callout. A user who isn't familiar with ATProto doesn't even know to ask this question and the design space from its contemporaries (e.g., discord, slack, etc) suggests that chats are nominally private if folks aren't a member of the channel.
It's a very cool product but you have to let people know their messages aren't private.
Where is data stored? Bluesky? My PDS? Your PDS, for free?
Hi, I've just added an FAQ entry about this: https://colibri.social/faq#where-is-my-data-stored
Also, feel free to DM me (@colibri.social) on Bluesky if you want to migrate to the Colibri PDS! We do host one ourselves.
Only my own messages are in my PDS? Or the entire chat?
How is the chat displayed if messages are scattered among multiple PDSes?
What about the community metadata, where is it stored?
Hi, person behind the project here, thanks for the cross-post!
where can those of us who are not on bluesky get an invite code for an account?
You're welcome! Cool project!
Ty!
Thanks for building this, UX is nice and should encourage people to switch from Discord. Bsky only is a bit disappointing as it is still heavily centralized. I would love to see a system like this that can also set up channels over Nostr and the Fediverse. Fragmentation is starting to become an issue with decentralized and federated social.
We've taken a look at co-supporting ActivityPub as well actually! And yeah, the fragmentation is an issue. But I honestly think we might see at lease some level of interop between these fragments in the coming years, even if it's just some parts of the protocols and specs going in the same direction.
Interesting project, but...
> BUILT ON OPEN STANDARDS. PRIVATE WHEN NEEDED.
> Running a private group chat? As soon as the AT protocol supports private data, we'll work on implementing it and giving you the option to create private communities.
Not exactly "private when needed" then, is it? It's disingenuous to even mention this in the marketing copy.
Valid point! I'll get that section removed for now and either reword it later, or re-add when the protocol supports it.